HackDig : Dig high-quality web security articles for hacker

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout bug that turns out serious, and why I tel
Publish At:2016-01-27 16:20 | Read:3062 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking hack paypal JAVA-securi

Drupal - Insecure Update Process

By Fernando Arnaboldi. Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drup
Publish At:2016-01-06 18:15 | Read:6132 | Comments:0 | Tags:application security drupal fernando arnaboldi hacking updat

Linode DDoS Attack – Merry Xmas Sysadmins

So the Linode DDoS attack – seems like this xmas has been a terrible time for sysadmins, along with what happened to Steam and A Small Orange (100+ hours down). A whole lot of work during the most drunken holiday of the year, not fun. And yes, it affected me too: work-wise everything is hosted on Linode – and this site is also hosted on Linode. So
Publish At:2015-12-30 19:15 | Read:2544 | Comments:0 | Tags:Web Hacking ddos linode vps linode ddos ddos on linode vps h

0d1n – Web HTTP Fuzzing Tool

0d1n is an open source web HTTP fuzzing tool and bruteforcer; its objective is to automate exhaustive tests and search for anomalies (you know, vulnerabilities). 0d1n can increase your productivity when fuzzing web parameters, files, directories, forms and other things. 0d1n is written in C and uses libcurl for performance. Features: Some of the features of 0d1n ar
Publish At:2015-11-09 14:25 | Read:2706 | Comments:0 | Tags:Hacking Tools Web Hacking 0d1n auth fuzzing fuzzing fuzzing-

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their
Publish At:2015-10-20 08:15 | Read:3480 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking deliberately insecure w

Weevely 3 – Weaponized PHP Web Shell

Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30 modules shape an extensible framework to administrate,
Publish At:2015-09-18 18:40 | Read:3729 | Comments:0 | Tags:Hacking Tools Web Hacking command line web shell extensible

BackBox Linux – Penetration Testing LiveCD

BackBox is a Linux distribution based on Ubuntu – a penetration testing LiveCD. It has been developed to perform penetration tests and security assessments. It is designed to be fast, easy to use and to provide a minimal yet complete desktop environment; thanks to its own software repositories, it is always updated to the latest stable version of the most used
Publish At:2015-09-15 02:35 | Read:5701 | Comments:0 | Tags:Hacking Tools Linux Hacking Web Hacking backbox backbox down

WhatsApp Web vCard Vulnerability Exposed 200M Users

So it seems there was a lot of noise about the WhatsApp Web vCard Vulnerability with over 200 Million people using the desktop version of WhatsApp – it’s a fairly large cache of users to go after. Disclosed by Check Point security, the vulnerability is exploited by sending a vCard contact containing malicious code to a WhatsApp Web user. The vulne
Publish At:2015-09-12 04:15 | Read:3294 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking maliciouscard whatsapp

WATOBO – The Web Application Security Auditing Toolbox

WATOBO – The Web Application Security Auditing Toolbox – is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. It is capable of passive as well as active scanning, and the latter is its real added value. It lets you automate the discovery of common vulnerabilities (XSS, LFI,
Publish At:2015-06-30 16:15 | Read:2996 | Comments:0 | Tags:Hacking Tools Web Hacking hacking web apps hacking-websites

Plecost – WordPress Fingerprinting Tool

Plecost is a WordPress fingerprinting tool; it can search and retrieve information about the plug-in versions installed in a WordPress installation. It can be used to analyse a single URL or perform an analysis based on the results indexed by Google. Additionally, it displays the CVE code associated with each plug-in vulnerability, if any exist. The other
Publish At:2015-06-09 23:26 | Read:4829 | Comments:0 | Tags:Hacking Tools Web Hacking hack-wordpress identify wordpress

OWASP Zed Attack Proxy – Integrated Penetration Testing Tool

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced
Publish At:2015-06-09 23:25 | Read:2982 | Comments:0 | Tags:Hacking Tools Web Hacking hacking-proxy integrated penetrati

Shadow Daemon – Web Application Firewall

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. S
Publish At:2015-06-09 23:25 | Read:2544 | Comments:0 | Tags:Countermeasures Security Software Web Hacking hacking web ap

Watcher – Passive Web Application Vulnerability Scanner

Ever find yourself looking for that show-stopper exploit in a Web-app, and forgetting to check out all the low-hanging fruit? That’s initially why the authors created Watcher – a passive web application vulnerability scanner. For one thing, you don’t want to manually inspect a Web-app for many of these issues (cookie settings, SSL configurat
Publish At:2015-04-07 10:20 | Read:2466 | Comments:0 | Tags:Hacking Tools Web Hacking fiddler passive analysis tool pass

Commix – Command Injection Attack Tool

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with the aim of finding bugs, errors or vulnerabilities related to command injection attacks. By using this command injection attack tool, it is very easy to find and exploi
Publish At:2015-04-04 02:10 | Read:3467 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking command injection attac

Pentoo – Gentoo Based Penetration Testing Linux LiveCD

Pentoo is a Gentoo based penetration testing Linux LiveCD. It’s basically a Gentoo install with lots of customized tools, a customized kernel, and much more. Here is a non-exhaustive list of the features currently included: hardened kernel with aufs patches; backported Wifi stack from the latest stable kernel release; module loading support à la slax; changes saving
Publish At:2015-03-31 02:05 | Read:2688 | Comments:0 | Tags:Hacking Tools Linux Hacking Web Hacking gentoo gentoo livecd
